On July 26, the Obama administration released a framework for incident handling around cyber-attacks. The framework is part of the Presidential Policy Directive on United States Cyber Incident Coordination and action plan that was released in February of this year. It provides a clear standard of when and how government agencies will handle cyber security incidents. Included in the directive is a new color-coded scale that assigns specific colors and response levels to the danger of a cyber-attack.

Business owners rely on internet connectivity for everything from business operations, productivity and collaboration services to maintaining customer relationships. Unfortunately, the reliance on internet connectivity and cloud services also increases the risks and enhances the exposure to the threat of cyber crime. In addition to stealing money by fraud and deception with things like ransomware, cyber criminals can also cause damage to your business's reputation and put you out of business completely, depending on the impact and headline worthiness of an incident. For a small business, a cyber incident or breach can have a much greater impact on the ability to do business than it would for a large enterprise that has the ability to absorb the costs that incident response may present.

A business can never be completely safe from the threat of cyber crime but most cyber attacks can be mitigated with some basic security practices. Online security should be taken as seriously as locking the doors of your business and storing cash and valuables in a safe location. Clients have the expectation and right to the security of their data and it's essential that steps are taken to prevent it from being exposed on the internet due to poor security practices. The following tips will enhance your defenses against cyber attacks:

The recent news of two new zero-day exploits for Windows and Adobe users was disconcerting for many. The Windows bug is being exploited in the wild, so users should install fixes as soon as possible. Cataloged as CVE-2016-0189, the exploit allows attackers to execute malicious code when vulnerable computers visit booby-trapped websites. According to Ars Technica and Symantec, many of the targeted attacks have been aimed at South Korean websites. The vulnerability exists in the JScript and VBScript engines and is exploited using Internet Explorer. According to Symantec, the exploit may have been delivered through a link included in a spear-phishing email, or a compromised, legitimate website that redirected users to the exploit. The landing page contained JavaScript code that profiled the computer belonging to the user visiting the site. South Korea, which is heavily reliant on Internet Explorer, was severely impacted by this zero-day attack. Attackers often target South Korean organizations to gain remote access to their computers, steal sensitive data, or even wipe hard drives. The Adobe bug is a recently identified Flash vulnerability that gives attackers the ability to remotely hijack machines and is currently being exploited in the wild. FireEye first reported the vulnerability on May 10. The vulnerability affects Windows, Mac, Linux, and Chrome OS. The CVE number is CVE-2016-4117.

According to the latest Kaspersky Lab report, financial institutions have had approximately $1 billion (£648 million) stolen in cyber attacks that started in 2013 and are still ongoing. The report identifies a cybercriminal group named “Carbanak” consisting of members from Russia, Ukraine, and China. Carbanak is also suspected to be the group behind the major retail breaches at Bebe Stores, Sheplers, and Staples. Carbanak leveraged well-known vulnerabilities in Microsoft Office in nearly all of their attacks against financial institutions. The average attack was carried out over a period of 2 to 4 months, entailed 100+ compromised internal systems, and resulted in up to $10 million in stolen financial assets.

Security assessments can be of transformational value for your organization or they can be shelfware. The determining factor in what you end up with is a matter of leadership and strategy. Here is just one example of how an assessment can be transformational.
